Re: [hiprg] A question of the identity privacy

Pekka Nikander <pekka.nikander@nomadiclab.com> Thu, 04 February 2010 04:58 UTC


Hi Dacheng,

Yes, I do think privacy protection is desirable in some scenarios, and that more research in this field would be good.  I'm not familiar with any other related work, other than that the architecture document should point out that the initiator can use an ephemeral HI (and HIT) in the case it wants its privacy to be protected.

I don't think it is explained anywhere, but in the case the initiator wants to use a long-living HI, it can run BEX using an ephemeral HIT and then give another HI in the encrypted part of I2.  Furthermore, I'm afraid nobody has ever bothered to write down the minute details of how that should be done, if needed.

--Pekka

On 2010-02-04, at 06:12, Dacheng Zhang wrote:

> Hello, everyone:
> 
> I just read a paper “BLIND: A Complete Identity Protection Framework for
> End-points” which proposes a solution to protect the privacy of HITs of
> both communicating hosts. I believe that the privacy protection of HITs is
> desired in many scenarios. But, I am a bit concerned whether BLIND is
> suitable in a client/server model. Normally, a server should publish its
> access information to DNS, and it may not make much sense to protect the
> identity and location privacy of a server. Apart from BLIND, I didn't find
> any other papers about the identity privacy issues with HIP. 
> 
> Here, I have three questions. First, do you think the identity privacy
> protection can be desired for HIP? If it is, do you think it is a good idea
> to propose a simplified protocol as a complement of BLIND, which only
> protects the identity privacy of the initiator? In addition, do you know
> whether there is any other related work? 
> 
> Cheers
> 
> Dacheng   